NAB 2019: Streaming services among most targeted by credential hack attacks
Details
Joseph O'Halloran
| 10 April 2019

Research from content delivery network Akamai has identified wide-ranging credential abuse attacks against online video and music streaming services.

Among the findings in the State of the Internet / Security: Credential Stuffing: Attacks and Economies – Special Media Report, are details of three of the largest credential stuffing attacks against streaming services in 2018, ranging in size from 133 million to 200 million attempts. These took place shortly after reported data breaches, indicating, said Akamai, that hackers were likely testing stolen credentials before selling them.

The attack method studied is commonly referred to as ‘credential stuffing’ in which nefarious actors tap automated tools to use stolen login information to attempt to gain access to user accounts on other online sites, on the assumption that consumers use the same login and password for multiple services.

Among the purposed the stolen credentials are used for include enabling non-subscribers to view content via pirated streaming accounts. Compromised accounts are also sold, traded or harvested for various types of personal information, and they are often available for purchase in bulk on the Dark Web, according to Akamai researchers.

“Hackers are very attracted to the high profile and value of online streaming services,” said Akamai's director of security technology and strategy Patrick Sullivan and author of the Internet / Security: Credential Stuffing: Attacks and Economies – Special Media Report. “Educating subscribers on the importance of using unique username and password combinations is one of the most effective measures businesses can take to mitigate credential abuse. The good news is that organisations are taking the threat seriously and investigating security defences.”